DeleteCertificateAuthority

Deletes a private certificate authority (CA). You must provide the ARN (Amazon
Resource Name) of the private CA that you want to delete. You can find the ARN
by
calling the ListCertificateAuthorities operation. Before you can
delete a CA, you must disable it. Call the UpdateCertificateAuthority
operation and set the CertificateAuthorityStatus
parameter to DISABLED.

Additionally, you can delete a CA if you are waiting for it to be created (the
Status field of the CertificateAuthority is CREATING). You can also delete it
if the CA has been created but you haven't yet imported the signed certificate
(the
Status is PENDING_CERTIFICATE) into
ACM PCA.

If the CA is in one of the aforementioned states and you call DeleteCertificateAuthority, the CA's status changes to
DELETED. However, the CA won't be permentantly deleted until the
restoration period has passed. By default, if you do not set the
PermanentDeletionTimeInDays parameter, the CA remains restorable for 30
days. You can set the parameter from 7 to 30 days. The DescribeCertificateAuthority operation returns the time remaining in the
restoration window of a Private CA in the DELETED state. To restore an
eligable CA, call the RestoreCertificateAuthority operation.